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Abstract 


This document contains a set of basic recommendations for a country- 
level X.500 DSA. These recommendations can only be considered a 
starting point in the quest to create a global production quality 
X.500 infrastructure. For there to be a true "production quality" 
X.500 infrastructure more work must be done, including a transition 
from the 1988 X.500 (plus some Internet extensions) to the 1993 X.500 
standard (including the ’93 replication and knowledge model). This 
document does not discuss this transition. 


1. Introduction 


The ISO/CCITT X.500 Directory standard enables the creation of a 
single world-wide Directory that contains information about various 
types of information, including people. In the United States, in mid 
1989 NYSERNet (the project was later taken over by Performance 
Systems International - PSI) started a White-pages Pilot Project 


(WPP). Several organizations in the US joined this project. The PSI 
WPP provided the c=US root level master Directory System Agent (DSA) 
where organizations that joined the pilot were connected. In 


November 1990, the PARADISE project was started in Europe to provide 
an international directory service across Europe with international 
connectivity to the rest of the world. The PARADISE project also 
operated the "root of the world" DSA that connected each of the 
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national pilots into a single world-wide Directory Information Tree 
(DIT), enabling information about people all over the world to be 
obtainable using an Internet DUA (Directory User Agent). 


Much of the criticism of X.500 stems from the lack of a production 
quality infrastructure. Although there are already well over 500 
organizations and 1,000,000 entries in the the X.500 directory, some 
portions of the directory are still considered a "pilot project". 
Poor availability of portions of the directory and inconsistent 
quality of information are two problems that have not been adequately 
addressed in a number of the X.500 "pilot projects". One of the 
reasons for this has been a lack of formal service objectives for 
running an X.500 service, and recommendations for achieving them. 


In X.500, the country-level DSAs form the access path for the rest of 
the world to access directory entries associated with that country’s 
organizations. Thus, the availability and performance of the 
country-level DSAs give an upper bound to the quality of service of 
the whole country’s part of the Directory. 


2. Recommendations for the country-level Master DSA 


We will split the recommendations into three categories: Operational 
recommendations for the organization running the master DSA (service 
provider), DSA recommendations and personnel recommendations. 


2a. Operational recommendations for the country-level master and shadow 
DSAs 


In general, the country-level data should be available for querying 
100% of the time. Availability for updating is also important, but 
may be slightly reduced in practice, given X.500’s single master 
scheme. 


* The master DSA should be available at least 95% of the time. This 
means that the DSA must be monitored and supported over the weekend. 


* The Master DSA and its shadows should be positioned to minimize the 
possibility of single points of failure. 


* The master and its shadow DSAs should be disbursed across the 
national network infrastructure in order to distribute the load 
across the network, and to get the information closer to the 
requesters. This distribution should also minimize the possibility 
of a single point of failure, increasing availability. 
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2b. 


* Country DIT information, including naming infrastructure 
information such as localities and states, should be replicated 
across the oceans - not only to serve when the trans-oceanic links go 
down, but also to handle name resolution operations for clients in 
other countries. There should be a complete copy of the US root in 
Europe and a copy of the Japanese root in Africa and North America, 
for instance. Generally, data should be replicated where ever it is 
heavily used, and where it will be needed in the event of a network 
partition. 


* The master and shadow DSAs must run software that conforms to all 
the recommendations listed in section 4. 


Operational recommendations for the service provider 


* Provide a generic e-mail address for the DSA manager (e.g., x500- 
manager@foo.com). More than one manager should be available to 
handle problems as they come up (i.e., the manager should be able to 
go on vacation!). 


* E-mail to the manager of the master DSA must be answered in a 
timely fashion: 


* All mail to the manager should be acknowledged as received 
within one working day. 


* Trouble reports concerning the master and shadow DSAs must be 
answered within 24 hours; this response should include a 
resolution to the problem (when possible). There are situations 
where problem resolution may take longer than 24 hours, but this 
should be unusual. 


* General informational requests (e.g., how to join the service, 
where to get the software, etc.) should be acknowledged within 2 
working days and should normally be resolved within 2 working 
days. 


* Maintain a current e-mail distribution list of all DSA managers 
within the country. Changes to this list must be made in a timely 
manner (within 2 working days). It may be useful to include X.500 
software vendors and funders on this distribution list. 


* Provide quick turn around (2 working days) for changes/additions 
to the national master DSA (i.e., requests to add a new organization, 
to change a DSA’s information, or to remove a DSA). Acknowledgments 
to these requests must be made within 1 working day. 
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* At a minimum, the manager will make available documentation about 
the X.500 Production Service that includes information about how to 
join, which software to run and where to obtain it, naming 
guidelines, schema requirements, operational requirements, etc. 
Ideally, the manager should take a proactive role in advertising the 
X.500 Production Service and soliciting new members. 


* If the service is currently operating at a "pilot" level, remove 
references to "pilot" from the service and establish a process with 
the national-level DSA managers to transition from a pilot to a 
production service. This transition plan must include the production 
of a new set of requirements for their DSAs in the new production 
service (see section 3). 


* Remove organizations and their DSAs that do not meet the service’s 
published operational guidelines (see section 3). DSA managers 
should be notified at least 4 weeks in advance of removal to give 
them time to correct their operational deficiencies. This procedure 
should be performed at least once every 3 months. A grace period of 
3 months should be given to new organizations to come up to speed. 


* The service provider should work with other national X.500 service 
providers in the same country to ensure a single consistent DIT 
within the country. In North America, for example, the Production 
X.500 service should act as an ADDMD in the North American Directory 
Forum (NADF) X.500 service, producing timely Knowledge and Naming 
(KAN) updates for the Central Administration for the NADF (CAN) when 
entries under c=US or c=CA are added, changed or removed, and 
applying KAN updates produced by the CAN in response to updates from 
other ADDMDs. 


This will ensure a single consistent DIT common to both NADF and 
Internet X.500. 


Personnel recommendations for the country-level Master DSA 


* Participate in various technical forums, where appropriate. This 
requirement will become more important as more technical work 
transpires (e.g., for the 93 transition). 


* Provide a help desk that DSA managers can go to for help resolving 
operational problems. Support should be provided via e-mail and 
optionally via telephone. This help desk facility is intended to 
provide support above and beyond that provided on the mailing list 
mentioned previously. 
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* Publish quarterly status reports giving details on the state of the 
service: new organizations, deleted organizations, statistics on the 
availability of the master and shadow DSAs, number of operations 
performed by the master and shadow DSAs, etc. 


* Provide electronic access to service information. Some useful ways 
of doing this are: 


Provide a World Wide Web (WWW) page that includes information 
describing the service, together with contact information, 
pointers to useful software, a form that can be used to submit 
comments/bug reports, and any other useful information that can be 
provided. 


Provide FTP access to above information. 


3. Recommendations for operating a DSA within the National Directory 
Management Domain (DMD) 


The following are recommendations for all DSAs that are operating 
within the country-level DMD. 


* The availability of the organization’s subtree should be as 
close to 100% as possible. This coverage shall be provided by a 
master DSA and zero or more shadow DSAs. 


* Organizations should maintain information in their DSAs that is 
complete, accurate, and up-to-date. This information shall be 

accessible through Directory protocols to the extent allowable by 
the security and privacy policies of the respective organizations. 


* Organizations experimenting with the Directory should either be 
marked clearly as "experimental" (e.g., with an appropriate 
Quality of Service attribute, or perhaps by including the word 
"experimental" as part of the organization’s RDN), or they should 
be listed in a separate portion of the namespace, also clearly 
marked. Once the organization is done experimenting, it can be 
move to the "production" part of the DIT. 


* Two contact persons must be named as DSA managers for each DSA 


* DSA software should conform to the recommendations found in 
section 4. 
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4. Recommendations for DSA software 


The software should support the attributes and object classes found 
in the Internet schema [RFC 1274]. 


Software should be reliable, supportable and should provide 
sufficient performance to handle the DSA traffic. 


Additional requirements may be imposed by the service provider (e.g., 
'93 replication). 


5. References 

[CCITT-88] CCITT, "Data Communications Networks Directory", 
Recommendations X.500-X.521, Volume VIII - Fascicle 
VIII.8, IXth Plenary Assembly, Melbourne, November 
1988. 

[RFC 1274] Barker, P., and S. Kille, "The COSINE and Internet 
X.500 Schema", RFC 1274, University College, London, 
England, November 1991. 


6. Security Considerations 


Security issues are not discussed in this memo. 
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